From a5f28162785ad496c992d52e01bc9ad286e48209 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Kacper=20Michaj=C5=82ow?=
Date: Sun, 23 Jun 2024 22:34:38 +0200
Subject: [PATCH] fuzzer_load_{config_file,input_conf}: take into account file size limit

We are strict about load command errors, so we have to clamp the size.
---
 fuzzers/fuzzer_load.c | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/fuzzers/fuzzer_load.c b/fuzzers/fuzzer_load.c
index 1bfd950211..d277fe35cb 100644
--- a/fuzzers/fuzzer_load.c
+++ b/fuzzers/fuzzer_load.c
@@ -28,6 +28,18 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
 {
+#ifdef MPV_LOAD_CONFIG_FILE
+    // config file size limit, see m_config_parse_config_file()
+    if (size > 1000000000)
+        return 0;
+#endif
+
+#ifdef MPV_LOAD_INPUT_CONF
+    // input config file size limit, see parse_config_file() in input.c
+    if (size > 1000000)
+        return 0;
+#endif
+
     // fmemopen doesn't have associated file descriptor, so we do copy.
     int fd = memfd_create("fuzz_mpv_load", 0);
     if (fd == -1)